firewalls

Unanswered Question
Mar 9th, 2007

Hi all, when configuring a firewall, say a PIX 501, is all traffic allowed outbound by default? So if I use PAT to get to the internet for the 192.168.1.0 range, will all hosts be allowed out by default?

spremkumar Fri, 03/09/2007 - 01:20

Hi Carl

By default outbound traffic will be permitted and you can access the net using the NAT/PAT feature.

If you want to have some kinda inbound access then you need to create proper access lists to allow the remote IPs to access your local resources...

Also do remember you need to have one-to-one NAT configured for inbound access...

regds

carl_townshend Fri, 03/09/2007 - 02:19

Thank you, I gather this is the same for the DMZ: inside can connect to the DMZ but not the other way around unless an access list is in place to allow it?

spremkumar Fri, 03/09/2007 - 02:25

Hi Carl

To put it on a simple note, anything from High Security Zone to Low Security Zone (Inside to Outside/DMZ) is permitted with the necessary NAT statements.

You need to have access lists to permit traffic from Low Security Zone to High Security Zone (Outside to DMZ, or DMZ to Inside, or Outside to Inside).

regds
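
Added example, not part of the thread and not taken from any poster's device: a PIX OS 6.x configuration sketch for a two-interface PIX 501 showing the rules described above side by side, with outbound PAT that needs no access list and one inbound service that needs both a static translation and an access list. All addresses (RFC 5737 range 203.0.113.0/24, server 192.168.1.10) and the ACL name `outside_in` are constructed placeholders.

```cisco
: Constructed example; addresses and the ACL name are placeholders.
: Security levels: inside = 100 (high), outside = 0 (low).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

: Outbound (high to low): permitted by default, only translation is needed.
: PAT the whole 192.168.1.0/24 range behind the outside interface address.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

: Inbound (low to high): needs a one-to-one static translation AND an
: access list bound to the outside interface. Only TCP/80 to one host is opened.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
: Anything else arriving on outside falls through to the ACL's implicit deny.
```

`show xlate` and `show access-list` confirm which translations are active and which ACL lines are being hit. Once an access list is bound inbound on the inside interface, outbound traffic is matched against that list and its implicit deny rather than the default permit.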
